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£N) Abstract 

Mulmuley [Mull2a] recently gave an explicit version of Noether's Normalization lemma for 
ring of invariants of matrices under simultaneous conjugation, under the conjecture that there 
are deterministic black-box algorithms for polynomial identity testing (PIT). He argued that this 
gives evidence that constructing such algorithms for PIT is beyond current techniques. In this 
work, we show this is not the case. That is, we improve Mulmuley's reduction and correspondingly 
weaken the conjecture regarding PIT needed to give explicit Noether Normalization. We then 
observe that the weaker conjecture has recently been nearly settled by the authors ([FS12]), who 
gave quasipolynomial size hitting sets for the class of read-once oblivious algebraic branching 
programs (ROABPs). This gives the desired explicit Noether Normalization unconditionally, up 
to quasipolynomial factors. 

As a consequence of our proof we give a deterministic parallel polynomial-time algorithm for 
deciding if two matrix tuples have intersecting orbit closures, under simultaneous conjugation. 

We also study the strength of conjectures that Mulmuley requires to obtain similar results as 
00 ours. We prove that his conjectures are stronger, in the sense that the computational model he 

needs PIT algorithms for is equivalent to the well-known algebraic branching program (ABP) 
model, which is provably stronger than the ROABP model. 
£f) Finally, we consider the depth-3 diagonal circuit model as defined by Saxena [Sax08], as 

PIT algorithms for this model also have implications in Mulmuley's work. Previous work (such 
as [ASS12] and [FS12]) have given quasipolynomial size hitting sets for this model. In this 
work, we give a much simpler construction of such hitting sets, using techniques of Shpilka and 
Volkovich [SV09]. 

>< 

c5 1 Introduction 



Many results in mathematics are non-constructive, in the sense that they establish that certain 
mathematical objects exist, but do not give an efficient or explicit construction of such objects, and 
often further work is needed to find constructive arguments. Motivated by the recent results of 
Mulmuley [Mull 2a] (henceforth "Mulmuley", but theorem and page numbering will refer to the full 
version [Mull2b]), this paper studies constructive versions of the Noether Normalization Lemma from 
commutative algebra. The lemma, as used in this paper, can be viewed as taking a commutative ring 
R, and finding a smaller subring S C R such that S captures many of the interesting properties of 
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R (see Section 1.2 for a formal discussion). Like many arguments in commutative algebra, the usual 
proof of this lemma does not focus on the computational considerations of how to find (a concise 
representation of) the desired subring S. However, the area of computational commutative algebra 
(eg, [DK02, CLO07]) offers methods showing how many classic results can be made constructive, 
and in certain cases, the algorithms are even efficient. 

While constructive methods for Noether Normalization are known using Grobner bases (cf. 
|CLO ]), the Grobner basis algorithms are not efficient in the worst-case (as show by Mayr and 
Meyer [MM82]), and are not known to be more efficient for the problems we consider. Diverging 
from the Grobner basis idea, Mulmuley recently observed that a constructive version of Noether 
Normalization is really a problem in derandomization. That is, given the ring R, if we take a 
sufficiently large set of "random" elements from R, then these elements will generate the desired 
subring S of R. Indeed, the usual proof of Noether Normalization makes this precise, with the 
appropriate algebraic meaning of "random". This view suggests that random sampling from R is 
sufficient to construct S, and this sampling will be efficient if R itself is explicitly given. While 
this process uses lots of randomness, the results of the derandomization literature in theoretical 
computer science (eg, [IW97, IKW02, KI04]) give strong conjectural evidence that randomness in 
efficient algorithms is not necessary. Applied to the problems here, there is thus strong conjectural 
evidence that the generators for the subring S can be constructed efficiently, implying that the 
Noether Normalization Lemma can be made constructive. 

Motivated by this connection, Mulmuley explored what are the minimal derandomization 
conjectures necessary to imply an explicit form of Noether Normalization. The existing conjectures 
come in two flavors. Most derandomization hypotheses concern boolean computation, and as such 
are not well-suited for algebraic problems (for example, a single real number can encode infinitely 
many bits), but Mulmuley does give some connections in this regime. Other derandomization 
hypotheses directly concern algebraic computation, and using them Mulmuley gives an explicit 
Noether Normalization Lemma, for some explicit rings of particular interest. In particular, Mulmuley 
proves that it would suffice to derandomize the polynomial identity testing (PIT) problem in certain 
models, in order to obtain a derandomization of the Noether Normalization Lemma. Mulmuley 
actually views this connection as an evidence that derandomizing PIT for these models is a difficult 
computational task (Mulmuley, p. 3) and calls this the GCT chasm. Although Mulmuley conjectures 
that it could be crossed he strongly argues that this cannot be achieved with current techniques 
(Mulmuley, p. 3): 

On the negative side, the results in this article say that black-box derandomization 
of PIT in characteristic zero would necessarily require proving, either directly or by 
implication, results in algebraic geometry that seem impossible to prove on the basis of 
the current knowledge. 

In this work, we obtain a derandomization of Noether 's Normalization Lemma for the problems 
discussed in Mulmuley's Theorems 1.1 and 1.2, using existing techniques. These results alone 
have been suggested by Mulmuley (in public presentation) to contain the "impossible" problems 
mentioned above. This suggests that problems cannot be assumed to be difficult just because they 
originated in algebraic-geometric setting, and that one has to consider the finer structure of the 
problem. 

In addition, just as Mulmuley's techniques extend to Noether Normalization of arbitrary quivers 
(Mulmuley's Theorem 4.1), our results also extend to this case, but we omit the straightforward 
details. However, we do not give any results for Noether Normalization of general explicit varieties 
as discussed in Mulmuley's Theorem 1.5, and indeed that seems difficult given that Mulmuley's 
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Theorem 1.6 gives an equivalence between general PIT and Noether Normalization for a certain 
explicit variety. 1 

We start by briefly describing the PIT problem. For more details, see the survey by Shpilka and 
Yehudayoff [SY10]. 

1.1 Polynomial Identity Testing 

The PIT problem asks to decide whether a polynomial, given by an algebraic circuit, is the zero 
polynomial. An algebraic circuit is a directed acyclic graph with a single sink (or root) node, called 
the output. Internal nodes are labeled with either a x- or +-gate, which denote multiplication and 
addition respectively. The source (or leaf) nodes, are labeled with either variables Xi, or elements 
from a given field F. An algebraic circuit computes a polynomial in the ring ¥[x%, . . . , x n ] in the 
natural way (as there are no cycles): each internal node in the graph computes a function of its 
children (either x or +), and the circuit itself outputs the polynomial computed by the output node. 
Algebraic circuits give the most natural and succinct way to represent a polynomial. 

Given an algebraic circuit C, the PIT problem is to test if the polynomial / it computes is 
identically zero, cts £t polynomial in 1F[xi, . . . , x n ] . Schwartz [Sch80] and Zippel [Zip79] (along with 
the weaker result by DeMillo and Lipton [DL78]) showed that if / ^ is a polynomial of degree < d, 
and ct±, . . . , a n £ SCF are chosen uniformly at random, then f(a±, . . . , a n ) = with probability 
< d/\S\. It follows then that we can solve PIT efficiently using randomness, as evaluating an 
algebraic circuit can be done efficiently. The main question concerning the PIT problem is whether 
it admits an efficient deterministic algorithm, in the sense that it runs in polynomial time in the 
size of the circuit C. Heuristically, this problem can be viewed as replacing any usage of the 
Schwartz-Zippel result with a deterministic set of evaluations. 

One important feature of the above randomized PIT algorithm is that it only uses the circuit C 
by evaluating it on given inputs. Such algorithms are called black-box algorithms, as they treat the 
circuit as merely a black-box that computes some low-degree polynomial (that admits some small 
circuit computing it). This is in contrast to white-box algorithms, that probe the structure of C in 
some way. White-box algorithms are thus less restricted, whence deriving a black-box algorithm is 
a stronger result. For the purposes of this paper, instead of referring to deterministic black-box 
PIT algorithms, we will use the equivalent notion of a hitting set, which is a small set % C F n of 
evaluation points such that for any non-zero polynomial / computed by a small algebraic circuit, / 
must evaluate to non-zero on some point in %. A standard argument (see [SY10]) shows that small 
hitting sets exist, the main question is whether small explicit hitting sets, which we now define, 
exist. As usual, the notion of explicit must be defined with respect to an infinite family of objects, 
one object for each value of n. For clarity, we abuse notation and do not discuss families, with the 
understanding that any objects we design will belong to an unspecified family, and that there is a 
single (uniform) algorithm to construct these objects that takes as input the relevant parameters. 

Definition 1.1. Let C C ¥[xi, . . . ,x n ] be a class of polynomials. A set MCF™ is a hitting set 

for C if for all f E C, f = iff /|-^ = 0. The hitting set T~L is t(n)-explicit if there is an algorithm 
such that given an index into H, the corresponding element of H can be computed in t(n)-time, 
assuming unit cost arithmetic in F. 

The main reason we could obtain our results is that for the variety we consider, there are explicitly known 
generators for the ring of invariants (as given in Theorem 1.3), and these generators are computationally very simple. 
For general explicit varieties, obtaining such explicit generators is an open problem, and even if found, the generators 
would not likely be as computational simple as the generators of Theorem 1.3. We refer the reader to Mulmuley's 
Section 10 where these issues are discussed further. 
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That is, we mean that the algorithm can perform field operations (add, subtract, multiply, 
divide, zero test) in F in unit time, and can start with the constants and 1. We will also assume 
the algorithm has access to an arbitrary enumeration of F. In particular, when F has characteristic 
0, without loss of generality the algorithm will only produce rational numbers. 

1.2 Noether Normalization for the Invariants of Simultaneous Conjugation 

Mulmuley showed that when R is a particular ring, then the problem of finding the subring S given 
by Noether Normalization can be reduced to the black-box PIT problem, so that explicit hitting 
sets (of small size) would imply a constructive version of Noether Normalization for this ring. The 
ring considered here and in Mulmuley's Theorems 1.1 and 1.2 is the ring of invariants of matrices, 
under the action of simultaneous conjugation. 

Definition 1.2. Let M denote a vector of r matrices, each 2 [n] x [n], whose entries are distinct 
variables. Consider the action o/GL n (F) by simultaneous conjugation on M, that is, 

{M x ,..., M r ) h+ {PMiP-\ PM r P- 1 ) . 

Define F[Af] GLn( - F ) to be the subring of¥[M] consisting of polynomials in the entries of M that are 
invariant under the action o/GL„(F). That is, 

F[M] G M F) := {/|/(M) = f{PMP- l ),yP G GL n (F)} . 

Note that F[M] GL ™( F ) is in fact a ring. When F has characteristic zero, the following result gives 
an explicit set of generators for the ring of invariants. When F has positive characteristic, the result 
is known not to hold (see [KP00, §2.5]) so we will only discuss characteristic zero fields. 

Theorem 1.3 ([Pro76, Raz74, For86]). Let ¥ be a field of characteristic zero. Let M denote a 
vector of r matrices, each [n] x faj, whose entries are distinct variables. The ring ¥[M] GLn ^ of 
invariants is generated by the invariants T := {trace(Mj 1 • • • Mi e )\i G lr} e , £ G [n 2 ]}. 

Further, the ring F[M] GL ™( F ) is not generated by the invariants {trace(Mj 1 • • ■ Mi e )\i G [r] , £ G 

wm- ' ~ 

That is, every invariant can be represented as a (multivariate) polynomial, with coefficients in F, 
in the above generating set. Note that the above generating set is indeed a set of invariants, because 
the trace is cyclic, so the action of simultaneous conjugation by P cancels out. 

The above result is explicit in two senses. The first sense is that all involved field constants 
can be efficiently constructed. The second is that for any / G T and A, f{A) can be computed 
quickly. In particular, any / G T can be computed by a poly(n, r)-sized algebraic circuit, as matrix 
multiplication and trace can be computed efficiently by circuits. We encapsulate these notions in 
the following definition. 

Definition 1.4. A set V C ¥[xi, . . . , x n ] of polynomials has t{n) -explicit^ C-circuits, if there 
is an algorithm such that given an index into V, a circuit C G C can be computed in t{n)-time, 
assuming unit cost arithmetic in ¥, such that C computes the indexed f G V. 

2 In this work we will most often index vectors and matrices starting at zero, and will indicate this by the use of 
[n], which denotes the set {0, . . . , n — 1}. Also, [n] will be used to denote the set {1, . . . , n}. 

3 It is important to contrast this with the vague notion of being mathematically explicit. For example, a non-trivial 
n-th root of unity is mathematically explicit, but is not computationally explicit from the perspective of the rational 
numbers. Conversely, the lexicographically first function / : {0, 1} L lo s lo g n J {0,1} with the maximum possible 
circuit complexity among all functions on [log log nj bits, is computationally explicit, but arguably not mathematically 
explicit. While will we exclusively discuss the notion of computational explicitness in this paper, the constructions are 
all mathematically explicit, including the Forbes-Shpilka [FS12] result cited as Theorem 1.12. 
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In particular, the above definition implies that the resulting circuits C have size at most t{n). 
The class of circuits C can be the class of all algebraic circuits, or some restricted notion, such as 
algebraic branching programs, which are defined later in this paper. Thus, in the language of the 
above definition, the set of generators T has poly(n, r)-explicit algebraic circuits. 

However, the above result is unsatisfactory in that the set of generators T has size exp(poly(n, r)), 
which is unwieldy from a computational perspective. One could hope to find a smaller set of 
generators, but the lower bound in the above theorem seems a barrier in that direction. The 
number of generators is relevant here, as we will consider three computational problems where these 
generators are useful, but because of their number the resulting algorithms will be exponential-time, 
where one could hope for something faster. To define these problems, we first give the following 
standard definition from commutative algebra. 

Definition 1.5. Let R be a commutative ring, and S a subring. Then R is integral over S if every 
element in R satisfies some monic polynomial with coefficients in S. 

As an example, the algebraic closure of Q (the algebraic numbers) is integral over Q. In this 
work the rings R and S will be rings of polynomials, and it is not hard to see that all polynomials in 
R vanish at a point iff all polynomials in S vanish at that point. This can be quite useful, especially 
if S has a small list of generators. The statement of Noether Normalization is exactly that of 
providing such an S with a small list of generators. The question we consider here is how to find an 
explicit such S for the ring of invariants under simultaneous conjugation, where S should be given 
by its generators. 

Question 1.6. Let F be an algebraically closed field of characteristic zero. Is there a small set of 
polynomials T' Q F[M] GL ™( F ) with explicit algebraic circuits, such that F[M] GL ™( F ) is integral over 
the subring S generated by T' ? 

We will in fact mostly concern ourselves with the next problem, which has implications for the 
first, when F is algebraically closed. We first give the following definition, following Derksen and 
Kemper [DK02]. 

Definition 1.7. A subset T' Q F[M] GL "( F ) is a set of separating invariants if for all A,BE 
(FNxN)H, there exists an f G F[M] GL "( F ) such that f(A) / f(B) iff there exists an f G V such 
that f>(A)jt f(B). 

As before, we will ask whether we can find an explicit construction. 

Question 1.8. Let F have characteristic zero. Is there a small set of separating invariants T' Q 
F[M] GL "( F ) with explicit algebraic circuits? 

Mulmuley used the tools of geometric invariant theory [MFK94], as done in Derksen and 
Kemper [DK02], to note that, over algebraically closed fields, any set T' of separating invariants will 
also generate a subring that (F^M"!)^! is integral over. Thus, any positive answer to Question 1.8 
will give a positive answer to Question 1.6. Hence, we will focus on constructing explicit separating 
invariants (over any field of characteristic zero). 

Note that relaxations of Question 1.8 can be answered positively. If we only insist on explicit 
separating invariants (relaxing the insistence on having few invariants), then the exponentially-large 
set of generators T given in Theorem 1.3 suffices as these polynomials have small circuits and 
as they generate the ring of invariants, they have the required separation property. In contrast, 
if we only insist of a small set of separating invariants (relaxing the explicitness) , then Noether 
Normalization essentially shows that a non-explicit set of separating invariants T 1 of size poly(n, r) 
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exists, basically by taking a random T' ■ More constructively, Mulmuley observed that Grobner basis 
techniques can construct a small set of separating invariants T', but this set is still not explicit as 
such algorithms take exponential-space, so are far from efficient. In the particular case of F[M] GL "( F ), 
Mulmuley showed that the construction can occur in PSPACE unconditionally, or even PH, assuming 
the Generalized Riemann Hypothesis. Thus, while there are explicit sets of separating invariants, 
and there are small sets of separating invariants, existing results do not achieve these two properties 
simultaneously. 

The third problem is more geometric, as opposed to algebraic. Given a tuple of matrices A, we 
can consider the orbit of A under simultaneous conjugation subset of (FHxH)W. A natural 
computational question is to decide whether the orbits of A and B intersect. However, from the 
perspective of algebraic geometry it is more natural to ask of the orbit closures intersect. That is, 
we now consider A and B as lying in (F x " n ") M , where F is the algebraic closure of F. Then, we 
consider the orbit closures of A and B in this larger space, where this refers to taking the orbits 
in (j?^*^)!'! anc j closing them with respect to the Zariski topology. This yields the following 
question. 

Question 1.9. Let ¥ be a field of characteristic zero. Is there an efficient deterministic algorithm 
(in the unit cost arithmetic model) that, given A,B e (FMxM)M ; decides whether the orbit closures 
of A and B under simultaneous conjugation have an empty intersection? 

Mulmuley observed that by the dictionary of geometric invariant theory [MFK94], A and B 
have a non-empty intersection of their orbit closures iff they are not distinguishable by any set of 
separating invariants. Thus, any explicit set T' of separating invariants, would answer this question, 
as one could test if / agrees on A and B (as / is easy to compute, as it has a small circuit), for all 
/ E T". Thus, as before, Question 1.9 can be solved positively by a positive answer to Question 1.8. 

The main results of this paper provide positive answers to Questions 1.6, 1.8 and 1.9. 

1.3 Mulmuley 's results 

Having introduced the above questions, we now summarize Mulmuley's results that show that these 
questions can be solved positively if one assumes that there exist explicit hitting sets for a certain 
subclass of algebraic circuits, which we now define. We note that Mulmuley defines this model using 
linear, and not affine functions. However, we define the model using affine functions as this allows 
the model to compute any polynomial (and not just homogeneous polynomials), potentially with 
large size. However, this is without loss of generality, as derandomizing PIT is equally hard in the 
linear and the affine case, via standard homogenization techniques, see Lemma 4.1. 

Definition 1.10 (Mulmuley). A polynomial f(x±, . . . ,x n ) is computable by a width w, depth d, 
trace of a matrix power if there exists a matrix A(x\, . . . ,x n ) G F[xi, . . . , x n ]M x M whose 
entries are affine functions in x such that f(x) = tia,ce(A(x) d ) . The size 1 of a trace of a matrix 
power is nwd. 

As matrix multiplication and trace both have small algebraic circuits, it follows that traces of 
matrix powers have small circuits. Further, as a restricted class of algebraic circuits, we can seek 
to deterministically solve the PIT problem for them, and the hypothesis that this is possible is 
potentially weaker than the corresponding hypothesis for general algebraic circuits. However, this 
hypothesis, in its black-box form, is strong enough for Mulmuley to derive implications for the above 
questions. 

4 One could consider the size to be nw log d because of the repeated squaring algorithm. However, in this paper our 
size measure is more natural as all such d will be small. 
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Theorem (Part of Mulmuley's Theorems 1.1 and 3.6). Let ¥ be a field of characteristic zero. Assume 
that there is a t(m)-explicit hitting set, of size s(m), for traces of matrix power over ¥ of size m. 
Then there is a set T' of separating invariants, of size poly(s(poly(ra, r)J), with poly(t(poly(n, r)))- 
explicit traces of matrix powers. Further, for algebraically closed ¥, F[M] GL "-( F ) is integral over the 
ring generated by T' ■ 

We briefly summarize the proof idea. It is clear from the definitions that the generating set T 
for F[M] GL ™( F ) is a set of separating invariants, albeit larger than desired. The proof will recombine 
these invariants into a smaller set, by taking suitable linear combinations. Specifically, suppose 
A and B are separable, and thus T(A) ^ 7~(B), where T(A) denotes the sequence of evaluations 
(f(A))f e f Standard arguments about inner-products show then that (T(A),d) / (T(B),a) for 
random values of a. As a linear combination of invariants is also an invariant, it follows that 
f$(M) = (T(M), a) is an invariant, and will separate A and B for random a. Intuitively, one can 
non-explicitly derandomize this to yield a set of separating invariants by taking sufficiently many 
choices of a. and union bounding over all A and B. 

Note that finding such a is equivalent to asking for a hitting set for the class of polynomials 
{f s (A) - f g (B) :A,Be (FHxM)W} ) so explicitly derandomizing PIT would give an explicit set 
of separating invariants, as was desired. However, as is, the above reduction is unsatisfactory in 
two ways. Primarily, the resulting set of separating invariants would still be exponentially large, as 
one cannot, by a counting argument, construct small hitting sets for the above class of polynomials 
unless one can exploit structure in vectors T{A). Second, the resulting invariants /«(M) will not 
have small circuits, unless, as before, one can exploit the structure of T(A), but now using the 
structure to compute the exponentially-large sum (T(A),a) in sub-exponential time. Both of these 
problems can be overcome by showing that indeed the vector T{A) does have structure, in particular 
that it can be encoded into the coefficients of a small circuit. The circuit class that Mulmuley uses 
is the trace of matrix powers model. 

Assuming various plausible conjectures and using the requisite results in derandomization 
literature, Mulmuley showed that small explicit hitting sets exist, removing the need to outright 
conjecture the existence of such hitting sets. This thus established the conjectural existence of small 
explicit sets of separating invariants by the above theorem. We list one such conditional result 
here, noting that all such conditional results Mulmuley derived gave sets of separating invariants of 
quasi-polynomial size, or worse. 

Theorem (Part of Mulmuley's Theorems 1.2 and 5.1). Let ¥ be a field of characteristic zero. 
Suppose there is a multilinear polynomial (family) f(x±, . . . ,x n ) G Z[x\, . . . ,x n ] with coefficients 
containing at most poly(n) bits, such that f{x) can be computed in exp(n)-time, but f cannot be 
computed by an algebraic circuit of size 0(2 tn ) and depth 0(n e ) for some e > 0. Then F[M] GL "( F ) 
has a poly (n, r) polylog ( ri,r ) -size set of separating invariants, with poly(n, r) p °^° g ^ n ' r ^ -explicit traces of 
matrix powers. 

While the above result is conditional, unconditional results can also be derived, if randomness 
is allowed. That is, by exploiting the connection between separating invariants and closed orbit 
intersections mentioned above, and using that PIT can be solved using randomness, Mulmuley 
obtains the following randomized algorithm. 

Theorem (Mulmuley's Theorem 3.8). Let ¥ be a field of characteristic zero. There is an algorithm, 
running in randomized po\y\og(n,r)-time using poly (n, r) -processors (RNC), in the unit cost arith- 
metic model, such that given A,B£ (]pH x H)M ; ne can decide whether the orbit closures of A 
and B under simultaneous conjugation have an empty intersection. 
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Using the just mentioned conjectures, Mulmuley can also partially derandomize the above 
algorithm, but not to within polynomial time. 

1.4 Our Results 

We study further the connection raised by Mulmuley regarding the construction of separating 
invariants and the black-box PIT problem. In particular, we more carefully study the classes of 
algebraic circuits arising in the reduction from Noether Normalization to PIT. Two models are 
particularly important, and we define them now. 

Definition 1.11 (Nisan [Nis91]). A algebraic branching program with unrestricted weights 

of depth d and width < w, on the variables directed acyclic graph such that 

• The vertices are partitioned in d+ 1 layers Vo, . . . , Vd, so that Vq = {s} (s is the source node), 
and Vd = {t} (t is the sink node). Further, each edge goes from V%-i to V% for some < i < d. 

• max \Vi\ < w. 

• Each edge e is weighted with a polynomial f e £ ¥[x\. 

Each s-t path is said to compute the polynomial which is the product of the labels of its edges, 
and the algebraic branching program itself computes the sum over all s-t paths of such polynomials. 

• In an algebraic branching program (ABP), for each edge e the weight f e {x) is an affine 
function. The size is nwd. 

• In a read-once oblivious ABP (ROABP) of (individual) degree < r, we have n := d, and 
for each edge e from Vf_i to Vi, the weight is a univariate polynomial f e {%i) £ ¥[xi] of degree 
< r. The size is dwr. 

In the definition of ROABPs we will exclusively focus on individual degree, and thus will use the 
term "degree" (in Section 6 we will use the more usual total degree, for a different class of circuits). 
The ROABP model is called oblivious because the variable order x\ < • • • < Xd is fixed. The model 
is called read-once because the variables are only accessed on one layer in the graph. 

The ABP model is a standard algebraic model that is at least as powerful as algebraic formulas, as 
shown by Valiant [Val79], and can be simulated by algebraic circuits. As shown by Berkowitz [Bcr84], 
the determinant can be computed by a small ABP over any field. See Shpilka and Yehuydayoff [ ] 
for more on this model. 

The ROABP model arose in prior work of the authors ([FS12]) as a natural model of algebraic 
computation capturing several other existing models. This model can also be seen as an algebraic 
analogue of the boolean model of computation known as the read-once oblivious branching program 
model, which is a non-uniform analogue of the complexity class RL. See Forbes and Shpilka [FS12] 
for more of a discussion on the motivation of this class. 

Note that a polynomial computed by an ROABP of size s can be computed by an ABP of 
size poly(s). The converse is not true, as Nisan [Nis91] gave exponential lower bounds for the size 
of non-commutative ABPs computing the determinant, and non-commutative ABPs encompass 
ROABPs, while as mentioned above Berkowitz [Bcr84] showed the determinant can be computed 
by small ABPs. Thus the ROABP model is strictly weaker in computational power than the ABP 
model. 

While there are no efficient (white-box or black-box) PIT algorithms for ABPs, we established 
in prior work ([FS12]) a quasi-polynomial sized hitting set for ROABPs. This hitting set will be at 
the heart of our main result. 
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Theorem 1.12 ([FS12]). Let C be the set of d-variate polynomials computable by depth d, width 
< w, degree < r ROABPs. If |F| > poly(d, w, r), then C has a poly(<i, w, r)- explicit hitting set 
% C ¥ d , of size < po\y(d,w,r) c, ^ lgd K Further, if¥ has characteristic zero then TL C Q d . 

Our contributions are split into four sections. 

The computational power of traces of matrix powers: We study the model of algebraic 
computation, traces of matrix powers, shown by Mulmuley to have implications for derandomizing 
Noether Normalization. In particular, as this model is a restricted class of algebraic circuits, we can 
ask: how restricted is it? If this model was particularly simple, it would suggest that derandomizing 
PIT for this class would be a viable approach to derandomizing Noether Normalization. In contrast, 
if this model of computation is sufficiently general, then given the difficulty of derandomizing 
PIT for such general models, using Mulmuley's reduction to unconditionally derandomize Noether 
Normalization could be a formidable challenge. In this work, we show it is the latter case, proving 
the following theorem. 

Theorem (Theorem 4.6). The computational models of algebraic branching programs and traces of 
matrix powers are equivalent, up to polynomial blow up in size. 

Derandomizing Noether Normalization via an improved reduction to PIT: This section 
contains the main results of our paper. Given the above result, and the lack of progress on 
derandomizing PIT in such general models such as ABPs, it might seem that derandomizing Noether 
Normalization for simultaneous conjugation is challenging. However, we show this is not true, by 
showing that derandomization of black-box PIT for ROABPs suffices for derandomizing Noether 
Normalization for simultaneous conjugation. By then invoking our prior work on hitting sets for 
ROABPs cited as Theorem 1.12, we establish the following theorems, giving quasi-affirmative 
answers to Questions 1.6, 1.8 and 1.9. Furthermore, our results are proved unconditionally and are 
at least as strong as the conditional results Mulmuley obtains by assuming strong conjectures such 
as the Generalized Riemann Hypothesis or strong lower bound results. 

Specifically, we prove the following theorem which gives an explicit set of separating invariants 
(see Question 1.8). 

Theorem 1.13. Let ¥ be a field of characteristic zero. There is a poly(n,r)°( lo s( n )) -sized set T H 
of separating invariants, with poly (n,r)- explicit ABPs. That is, Th Q F[M] GLn ( F ), and for any 
A,B€ (FW><H)W ; f(A) ^ f{B) for some f G F[M] GL "( F ) iff f'(A) + f(B) for some f G T n . 

As a consequence of Theorem 1.13 and the discussion in Subsection 1.2 we obtain the following 
corollary that gives a positive answer to Question 1.6. In particular, it provides a derandomization 
of Noether Normalization Lemma for the ring of invariants of simultaneous conjugation. 

Corollary 1.14. Let F be an algebraically closed field of characteristic zero. Let Th be the set 

guaranteed by Theorem 1.13. Then, F[M] GL ™( F ) is integral over the subring generated by Ty_. 

For deciding intersection of orbit closures, Question 1.9, the natural extension of Theorem 1.13, 
as argued in Subsection 1.2, would yield a quasi-polynomial-time algorithm for deciding orbit 
closure intersection. However, by replacing the black-box PIT results for ROABPs of Forbes and 
Shpilka [FS12] by the white-box PIT results by Raz and Shpilka [RS05] (as as well as follow-up 
work by Arvind, Joglekar and Srinivasan [AJS09]), we can obtain the following better algorithm for 
deciding orbit closure intersection, proving a strong positive answer to Question 1.9. 
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Theorem 1.15. Let ¥ be a field of characteristic zero. There is an algorithm, running in determin- 
istic po\y\og(n,r)-time using po\y(n,r)-processors (NC), in the unit cost arithmetic model, such that 
given A,B£ (jplM x M ) H ; one can decide whether the orbit closures of A and B under simultaneous 
conjugation have an empty intersection. 

As mentioned above, Mulmuley also gets results for Noether Normalization of arbitrary quivers 
(Mulmuley's Theorem 4.1) in a generalization of the results on simultaneous conjugation. The main 
difference is a generalization of the list of generators given in Theorem 1.3 to arbitrary quivers, 
as given by Le Bruyn and Procesi [LBP90]. Our improved reduction to PIT, involving ROABPs 
instead of ABPS, also generalizes to this case, so analogous results to the above three theorems are 
readily attained. However, to avoid discussing the definition of quivers, we do not list the details 
here. 

PIT for Depth-3 Diagonal Circuits: Mulmuley's Theorem 1.4 showed that Noether Normal- 
ization for representations of SL m (F) can be reduced, when m is constant, to black-box PIT of a 
subclass of circuits known as depth-3 diagonal circuits, see Section 6 for a definition. This class of 
circuits (along with a depth-4 version) was introduced in Saxena [Sax08] , who gave a polynomial-time 
white-box PIT algorithm, via a reduction to the white-box PIT algorithm for non-commutative 
ABPs of Raz and Shpilka [RS05]. Saha, Saptharishi and Saxena [f IS11] (among other things) 
generalized these results to the depth-4 semi-diagonal model. Agrawal, Saha and Saxena [ASS12] 
gave (among other things) a quasipolynomial size hitting set for this model, by showing that any 
such circuit can be shifted so that there is a small-support monomial, which can be found via 
brute-force. In independent work, the present authors (in [FS12]) also established (among other 
things) a quasipolynomial size hitting set for this model. This was done by showing that the depth-4 
semi-diagonal model is efficiently simulated by the ROABP model. Further, this was done in two 
ways: the first was an explicit reduction by using the duality ideas of Saxena [Sax08], and the second 
was to show that the diagonal model has a small space of derivatives in a certain sense, and that 
ROABPs can efficiently compute any polynomial with that sort of small space of derivatives. Some 
aspects of this model are also present in the work of Gupta-Kamath-Kayal-Saptharishi [GKKS13] 
showing that (arbitrary) depth-3 formulas capture, in a sense, the entire complexity of arbitrary 
algebraic circuits. 

Here, we give a simpler proof that the depth-3 diagonal circuit model has a quasipolynomial 
size hitting set. This is done using the techniques of [SV09], and have some similarities with the 
work of Agrawal, Saha and Saxena [ASS12]. In particular, we show the entire space of derivatives 
is small, for depth-3 model (but not the depth-4 model). We then show that this implies such 
polynomials must contain a monomial of logarithmic support, which can be found via brute- force in 
quasipolynomial time. Unlike the work of Agrawal, Saha and Saxena [ASS12], no shifts are required 
for this small monomial to exist. Thus, we get the following theorem. 

Theorem (Corollary 6.12). Let ¥ be a field with size > d + 1. Then there is a poly(n, d, log(s))- 
explicit hitting set of size poly(n, d)°( lo s s ) for the class of n-variate, degree < d, depth-3 diagonal 
circuits of size < s. 

Deciding (non-closed) orbit membership via PIT: The results mentioned thus far have 
taken an algebro-geometric approach to studying the orbits of tuples of matrices under simultaneous 
conjugation, as they take this geometric action and study the algebraic structure of its invariants. 
This perspective, by the very continuous nature of polynomials, can only access the orbit closures 
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under this group action. For example, working over C, define 



and note that for any e and for any S ^ 0, PsA t P^~ = A e g. It follows that for any polynomial / 
invariant under simultaneous conjugation of 2 x 2 matrices, that f(A e ) is independent of e, as / 
is continuous and we can take e — > 0. However, for any e 7^ 0, A e is not conjugate to Aq = I2, the 
identity matrix, or equivalently, A e and Aq are not in the same orbit. Thus, from the perspective of 
invariants A t and Aq are the same, despite being in different orbits. 

One can ask the analogue of Question 1.9, but for orbits as opposed to orbit closures. Note 
that by the invertibility of the group action, two orbits must either be disjoint, or equal. Thus, we 
equivalently ask for an algorithm to the orbit membership problem for simultaneous conjugation. 
That is, given A,B £ (fM*M)H j s there an invertible P G FH X W such that B = PAP' 1 . 

Several interesting cases of this problem were solved: Chistov, Ivanyos and Karpinski [CIK£ 
gave a deterministic polynomial time algorithm over finite fields and over algebraic number fields; 
Sergeichuk [ScrOO] gave 5 a deterministic algorithm over any field, that runs in polynomial time 
when supplied with an oracle for finding roots of polynomials. 6 Chistov-Ivanyos-Karpinski also 
mentioned that a randomized polynomial-time algorithm for the problem follows from the work of 
Schwartz and Zippel [Sch80, Zip79]. In conversations with Yekhanin [Yckl2], we also discovered this 
randomized algorithm, showing that this problem is reducible to PIT for ABPs. Because of its close 
relation to the rest of this work, we include for completeness the proof of the following theorem. 

Theorem (Theorem A.l). LetF be afield of size > poly(n). Then the orbit membership problem, 
for simultaneous conjugation, is reducible to polynomial identity testing for ABPs. In particular, 
this problem has a randomized, parallel, polynomial-time algorithm. 



1.5 Notation 

Given a vector of polynomials / £ ¥[x] n and an exponent vector i £ N n , we write /' for f^ 1 ■ ■ ■ f^ 1 . 

Given a polynomial / £ F[x], we write to denote the coefficient of x 1 in /. For a matrix 

M £ F[x]W x W J we write <£^(M) to denote the r x r F-matrix, with the operator applied to 
each entry. When we write "/ 6 F[x][?/|", we will treat / as a polynomial in the variables y, whose 
coefficients are polynomials in the variables x, and correspondingly will write to extract the 

polynomial in x that is the coefficient of the monomial y 3 in /. 



1.6 Organization 

In Section 2 we give the necessary background on ROABPs. We prove our main results about 
explicit Noether Normalization in Section 3. 

The rest of our results appear in the following order. We give the equivalence between the trace 
of matrix power and ABP models of computation in Section 4. We give the hitting set for depth-3 
diagonal circuits in Section 6, using Hasse derivatives as defined in Section 5. In Appendix A we 
give the reduction from the orbit membership problem to PIT. 

5 In his paper Sergeichuk gives credit for the algorithm to Belitskii [Bel83]. 

6 This is not how the result is stated in [ScrOO], but this is what one needs to make the algorithm efficient. In fact, 
to make the algorithm of Sergeichuk run in polynomial space one needs to make another assumption that would allow 
writing down the eigenvalues of all matrices involved in polynomial space. For example, one such assumption would 
be that they all belong to the some polynomial degree extension field (Grochow [Grol3]). 
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2 Properties of Algebraic Branching Programs 



We first derive some simple properties of ABPs, as well as ROABPs, that show their tight connection 
with matrix products, and traces of matrix products. We begin with the following connection 
between an ABP with unrestricted weights, and the product of its adjacency matrices. As the 
lemma is proved in generality, it will apply to ABPs and ROABPs, and we will use it for both. 

Lemma 2.1. Let / € F[ x%, . . . , x n ] be computed by a depth d, width < w ABP with unrestricted 
weights, such that the variable layers are Vq, . . . , Va- For < % < d, define Mj E F[x]^ i_lX ^ such 
that the (u,v)-th entry in Mi is the label on the edge from u E Vi-i to v G Vj, or if no such edge 
exists. Then, when treating F[x]M x M = F[x], 

f{x) = J] Mi{x) := M l {x)M 2 {x) ■ ■ ■ M d {x) . 

Further, for an ABP, the matrix Mi has entries which are affine forms, and for an ROABP, the 
matrix Mi has entries which are univariate polynomials in Xi of degree < r. 

Proof. Expanding the matrix multiplication completely, one sees that it is a sum of the product of 
the labels of the s-t paths such that the i-th edge goes from Vi-\ to Vj. By the layered structure of 
the ABP, this is all such paths, so this sum computes f{x). □ 

The above lemma shows that one can easily convert an ABP or ROABP into a matrix product, 
where the entries of matrices obey the same restrictions as the weights in the ABP or ROABP. 
The above lemma gives matrices with varying sizes, and it will be more convenient to have square 
matrices, which can be done by padding, as shown in the next lemma. 

Lemma 2.2. Let f E F[ x\, . . . ,x n ] be computed by a depth d, width < w ABP with unrestricted 
weights. Then for i E [d], there are matrices Mi E F[x]M x ^ such that in block notation, 



/(f) 




n M *( f ) 



that is, Ylie[d] Mi{x) contains a single non-zero entry located at (0,0), which contains the polynomial 
f{x). Conversely, any such polynomial f such that 

f{x) = i n Mi(x) 

\i£[d] / (0i o) 

can be computed by a depth d, width w, ABP with unrestricted weights. 

Further, for the specific cases of ABPs and ROABPs, the entries in the Mi are restricted: for 
ABPs the matrix Mi has entries which are affine forms, and for an ROABP the matrix Mi has 
entries which are univariate polynomials in Xi of degree < r. 

Proof. ABP ==>■ matrices: Lemma 2.1 furnishes Mj such that f{x) = Yl i Mi(x). Let M[ E 
¥[x] H xH be Mi padded with zeroes to become {wj x {w} sized, that is, 



M'i(x) :-- 



Mi 
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where we use block-matrix notation. By the properties of block-matrix multiplication, it follows that 

m o 



as desired. One can observe that the use of Lemma 2.1 implies that the Mi have the desired 
restrictions on their entries. 

matrices =>■ ABP: For 1 < i < d define M[ := Mj. Define M{ to be the 0-th row of M\, and 
define M' d to be the 0-th column of M^. Then it follows that 

m=(l[M i (x)\ =J[M>(x) 

V i ' (0,0) i 

and that the M[ have at most w rows and columns. Using the M[ as the adjacency matrices in an 
ABP with unrestricted weights, it follows by Lemma 2.1 that / is computed by a depth d, width 
w ABP with unrestricted weights. Further, the use of this lemma shows the entry restrictions for 
ABPs and ROABPs are respected, to the result holds for these models as well. □ 

We next observe that small-size ABPs and ROABPs are respectively closed under addition and 
multiplication. 

Lemma 2.3. Let f,f £ ¥[xi, . . . ,x n ] be computed by depth d ABPs with unrestricted weights, 
where f is computed in width < w and f is computed in width < w' . Then f + f and f — f are 
computed by depth d, width < (w + w') ABPs with unrestricted weights. Further, this also holds for 
the ABP model, and the ROABP model with degree < r. 

Proof, f + /': Consider the ABPs with unrestricted weights for / and /'. As they have the same 
depth, we can align their d + 1 layers. Consider them together as a new ABP, by merging the 
two source nodes, and merging the two sink nodes. This is an ABP and has the desired depth, 
width and degree. Note that it computes / + /', as any source-sink path must either go entirely 
through the ABP for /, or entirely though the ABP for /', i.e. there are no cross-terms. Thus, the 
sum over all paths can be decomposed into the paths for / and the paths for /', showing that the 
computation is / + /' as desired. 

Note that in the ABP case, all edge weights are still affine functions, and in the ROABP case, 
the edge weights are still univariate polynomials of degree < r for the relevant variables, as we 
aligned the layers between / and /'. 

/ — /': This follows by showing that if /' is computable by an ABP with unrestricted weights 
then so is — /', all within the same bounds. To see this, observe that by flipping the sign of all edges 
from Vb to V\ in the computation for each source-sink path in the computation for /' will have 
its sign flipped, and thus the entire sum will be negated, computing — /' as desired. 

Note that the allowed edge weights for ABPs and ROABPs are closed under linear combinations, 
so the above computation of — / is also valid in these models. □ 



iw=n 



Mi 




UiMi 















3 Reducing Noether Normalization to Read-once Oblivious Alge- 
braic Branching Programs 

In this section we construct a small set of explicit separating invariants for simultaneous conjugation. 
We do so by constructing a single ROABP that encodes the entire generating set T for F[M] GLn ( F ), 
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as given by Theorem 1.3. We then use hitting sets for ROABPs to efficiently extract the separating 
invariants from this ROABP. We begin with the construction ' of the ROABP. 

Construction 3.1. Let n,r,£ > 1. Let M denote a vector of r matrices, each [n] x [nj, whose 
entries are distinct variables. Define 

M{x) := M i x i 
ie[r] 

and, for the £ variables x, define 

fl{M,x) :=trace(M(xi)---M(x^)). 

The following lemma shows that these polynomials fe(M, x) can be computed by small ROABPs, 
when x is variable and M is constant. 

Lemma 3.2. Assume the setup of Construction 3.1. Let A, B G (FW X N)W. Then fi{A,x) - 
fe(B, x) can be computed by a width 2n 2 , depth £, degree < r ROABP. 

Proof. Observe that fe(A,x) = trace(A(xi) • • • A(x t )) = Eie[ n ](Ilj=i M x j))(i,i)- B Y applying a 
permutation of indices, and appealing to Lemma 2.2, we see that (Ilj=i ^( x j))(i,i) ^ s computable by 
a depth £, width n, degree < r ROABP, for each i. Thus, appealing to Lemma 2.3 completes the 
claim. □ 

Alternatively, when x is constant, and the matrices M are variable, then fi(M,x) can be 
computed by a small ABP. 

Lemma 3.3. Assume the setup of Construction 3.1. Let a G F . Then /^(M,q) can be computed 
by a width n 2 , depth £ ABP, and this ABP is constructable in po\y(n,r,£) steps. 

Proof. Observe that fe(M, a) = trace(M(ai) • • • M(a^)), and that each M(cti) is an [nj x [nj matrix 
with entries that are affine forms in the M. Thus, just as in Lemma 3.2, we can compute this trace 
in width n 2 , depth £ ABP by appealing to Lemma 2.2 and Lemma 2.3. It is straightforward to 
observe that the construction of this ABP runs in the desired time bounds, as the above lemmas 
are constructive. □ 

Our next two lemmas highlight the connection between the polynomials in Construction 3.1 
and the generators of the ring of invariants provided by Theorem 1.3. Namely, they show that 
the generators in the set T of Theorem 1.3 are faithfully encoded as coefficients of the polynomial 
fi(M, x), when viewing this polynomial as lying in the ring F[M][x]. Note here that we use the <t-j 
notation as defined in Subsection 1.5. 

Lemma 3.4. Assume the setup of Construction 3.1. Then for i G N , taking coefficients in ¥[M][x], 

£ dM M,x)) = h C < M ---- M ^ 

else 



7 There are some slightly better versions of this construction, as well as a way to more efficiently use the hitting 
sets of Theorem 1.12. However, these modifications make the presentation slightly less modular, and do not improve 
the results by more than a polynomial factor, so we do not pursue these details. 
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Proof. Consider ft(M, polynomial in F[M][x]. Taking coefficients, we see that 

Z${fl{M, x)) = % (trace(M(xi) • • • M(x e ))) 



% [ trace [ [ £ M^xj 1 



trace 



M 3e x{ 




by linearity of the trace, 



X 1 



trace(M il • • • M. 

\Mrf 

tr&ce{M h ■ ■ ■ M ig ) ift€[rf 
else 



□ 



As the above lemma shows that fe(M, x) encodes all of the generators 7", it follows that A and 
B agree on the generators T iff they agree on fi(M, x). 

Lemma 3.5. Assume the setup of Construction 3.1. Let A, B G (FMxH)H and £ > 1. Then 
tT&ce(Ai 1 ■ ■ ■ Ai e ) = ticace(Bi 1 ■ ■ ■ Bi e ) for alii G [[r]] f iff fg(A,x) = fe(B,x), where this second 
equality is as polynomials in the ring ¥[x\. 

Proof. The two polynomials fg(A,x), fi(B,x) are equal iff all of their coefficients are equal. By 
Lemma 3.4, this is exactly the statement that trace( J 4j 1 • • • Ai e ) = trace(i?j 1 • • • Bi e ) for all i G 
[rtf. a 

Hence, the polynomials fe(M, x) capture the generators 7" of F[M] GLn ^ F ) thus in a sense capturing 
the entire ring F[M] GL " (F) also. 

Corollary 3.6. Assume the setup of Construction 3.1. Let ¥ be a field of characteristic zero. Let 
A, B e (fHxW)W. Then f(A) = f(B) for all f G F[M] GL "( F ) iff f e (A,x) = f e (B,x) for all 



G n z 



where the second equality is as polynomials in the ring ¥[x\. 



Proof. By Lemma 3.5, fy(A,x) = fe{B,x) for £ G [n 2 ] iff g(A) = g(B) for all g of the form 
g(M) = trace(Mj 1 • • • M{ e ) for i G [r] and I G [n 2 ]. This set of g is exactly the set T of Theorem 1.3, 
and by that result T generates F[M] GLn ( F ), which implies that the polynomials in T agree on A 
and B iff all the polynomials in F[M] GL "( F ) agree on A and B. Thus f £ (A, x) = fe(B, x) for I G [n 2 ] 
iff f(A) = f{B) for all / G F[M] GL "( F ). □ 

Thus having reduced the question of whether F[M] GLn ^ F ^ separates A and B, to the question of 
whether some fi(M, x) separates A and B, we now seek to remove the need for the indeterminates 
x. Specifically, we will replace them by the evaluation points of a hitting set, as shown in the next 
construction. 

Construction 3.7. Assume the setup of Construction 3.1. Let MCF™ be a t(n,r)- explicit hitting 
set for width < 2n 2 , depth n 2 , degree < r ROABPs. Define 

Tu :={f e (M,a)\aen,£e[n 2 }} , 

where if £ < n 2 we use the first £ variables of a for the values of x in the substitution. 
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We now prove the main theorems, showing how to construct small sets of explicit separating 
invariants. We first do this for an arbitrary hitting set, then plug in the hitting set given in our 
previous work as stated in Theorem 1.12. 

Theorem 3.8. Assume the setup of Construction 3.7. Let ¥ be a field of characteristic zero. Then 
Tu is a set of size n 2 \H\ of homogeneous separating invariants with poly (t(n,r),n,r) -explicit ABPs. 
That is, Tu C F[M] GL "( F ) ; and for any A,B G (?W X W)W, f(A) / f(B) for some f G ¥[M] Gh "^ 
iff f'{A) 7^ f'{B) for some f GTh, and each such f is computed by an explicit ABP. 

Proof. Tu has explicit ABPs: We can index Tu by £ G [n 2 ] and an index in 7-1. Given an index in 
H we can, by the explicitness of T~L, compute the associated a G T~L in i(n, r) steps. By Lemma 3.3 
we can compute an ABP for fc(M,a) in poly(n,r) steps, as £ < n 2 , as desired. 

/ G Tu are homogeneous: This is clear by construction. 

\Tu\ = n 2 \T-L\: For each £ G [n 2 ], we use one invariant per point in 7~L. 

Tu C F[M] GL "( F ): For any £, Lemma 3.4 shows that the coefficients of fe(M,x) (when regarded 
as polynomials in F[M][x]) are traces of products of the matrices in M, so these coefficients are 
invariant under simultaneous conjugation of M. It follows then for any a, fi(M,a) is a linear 
combination of invariants, and thus is an invariant. As Tu consists of exactly such polynomials, it 
is contained in the ring of all invariants. 

F[M] GL "( F ) separates Tu separates: By Corollary 3.6, we see that for any A and B, there 

is an / G F[M] GL "( F ) with f{A) / f{B) iff there is some £ G [n 2 ] such that f £ (A, x) - f e (B, x) / 0. 
By Lemma 3.2, fi(A,x) — f^B^x) is computable by a width < 2ra 2 , depth £, degree < r ROABP, 
which by the addition of n 2 — £ dummy variables (say, to the end of x), can be considered as a 
depth n 2 ROABP. Thus, as U is a hitting set for ROABPs of the relevant size, for any £ G [n ], 
fi(A, x) — fi(B, x) / iff there is some a G H such that fi(A, a) — fi(B, a) ^ 0, and thus iff there 
is an a G % such that the invariant f'{M) := fi(M, a) G T% separates A and B. □ 

As done in Mulmuley's Theorem 3.6, we can conclude that the ring of invariants is integral over 
the subring generated by the separating invariants. This uses the following theorem of Derksen and 
Kemper [DK02] (using the ideas of geometric invariant theory [MFK94]), which we only state in 
our specific case, but does hold more generally. 

Theorem 3.9 (Theorem 2.3.12, Derksen and Kemper [DK02], stated by Mulmuley in Theorem 
2.11). Let¥ be an algebraically closed field of characteristic zero. Let T C F[M] GL "( F ) be a finite 
set of homogeneous separating invariants. Then F[M] GLn ( F ) is integral over the subring S generated 
byT. 

Combining Theorem 3.8 and Theorem 3.9 yields the following corollary. 

Corollary 3.10. Assume the setup of Construction 3.7. Let F be an algebraically closed field of 
characteristic zero. Then F[M] GL "( F ) is integral over the subring generated by Tu, a set of n 2 \H\ 
invariants with poly (t(n,r),n,r)- explicit ABPs. 

Continuing with the dictionary of geometric invariant theory [MFK94], we can obtain the 
following deterministic black-box algorithm for testing of two orbit closures intersect. 

Corollary 3.11. Assume the setup of Construction 3.7. LetF be afield of characteristic zero. There 
is an algorithm, running in deterministic po\y(n,r,t(n,r),\T-L\)-time, in the unit cost arithmetic 
model, such that given A,B G (Fl n l x I n H)I r Il , one can decide whether the orbit closures of A and B 
under simultaneous conjugation have an empty intersection. Further, this algorithm is black-box, as 
it only compares f(A) and f(B) for various polynomials f. 
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Proof. As observed in Mulmuley's Theorem 3.8, the orbit closures of A and B intersect iff all 
invariants in F[M] GL ™( F ) agree on A and B. Our Theorem 3.8 shows this question can be answered 
by testing if A and B agree with respect to all / € 1%-, and this can be tested in poly(n, r, i(n, r))- 
time, as ABPs can be evaluated quickly. □ 

Thus, the above results, Theorem 3.8, Corollary 3.10, and Corollary 3.11 give positive results to 
Questions 1.8, 1.6, and 1.9 respectively, assuming small explicit hitting sets for ROABPs. Plugging 
in the hitting sets results of Forbes and Shpilka [FS12] as cited in Theorem 1.12, we obtain 
Theorem 1.13 and Corollary 1.14. 

However, using the hitting set of Theorem 1.12 does not allow us to deduce the efficient algorithm 
for orbit closure intersection claimed in Theorem 1.15 as the hitting set is too large. To get that 
result, we observe that deciding the orbit closure intersection problem does not require black-box PIT, 
and that white-box PIT suffices. Thus, invoking the white-box results of Raz and Shpilka [RS05], 
and the follow-up work by Arvind, Joglekar and Srinivasan [AJS09], we can get the desired result. 

Theorem (Theorem 1.15). Let ¥ be a field of characteristic zero. There is an algorithm, running in 
deterministic po\y\og(n,r)-time using poly (n,r) -processors (NC), in the unit cost arithmetic model, 
such that given A,B £ (jrlM x H ) H ; one can decide whether the orbit closures of A and B under 
simultaneous conjugation have an empty intersection. 

Proof. As observed in Mulmuley's Theorem 3.8, the orbit closures of A and B intersect iff all 
invariants in F[M] GL ™( F ) agree on A and B. Our results, Corollary 3.6 and Lemma 3.2, show 
there is a non-empty intersection iff an ra 2 -sized set of poly(n, r)-size ROABPs all compute the zero 
polynomial. 

Raz and Shpilka [RS05] gave a polynomial-time algorithm (in the unit-cost arithmetic model) for 
deciding if a non- commutative ABP computes the zero polynomial, and ROABPs are a special case 
of the non-commutative ABP model because the oblivious nature ensures that all multiplications of 
the variables are in the same order and thus commutativity is never exploited. Thus, by applying 
this algorithm to all of the ROABPs fy(A, x) — fe(B, x), we can decide if the orbit closures of A 
and B intersect in polynomial time, thus in P. 

Further, Arvind, Joglekar and Srinivasan [AJS( I] observed that the Raz-Shpilka [RS05] algorithm 
can be made parallel (within NC 3 ) while still running in polynomial-time, by using parallel linear 
algebra. Arvind, Joglekar and Srinivasan [AJS09] also gave an alternate, characteristic-zero specific, 
parallel algorithm for this problem (within NC 2 ). Hence, one can test each of u fz(A, x) — fi(B, x) = 0?" 
in parallel, and then return the "and" of all of these tests, again in parallel. Thus, this gives a 
parallel polynomial-time (NC) algorithm for testing if orbit closures interesect. □ 

We comment briefly on space-bounded boolean computation, and its relation with this work. 
As noted in Forbes and Shpilka [FS12], the ROABP model is a natural algebraic analogue of 
space-bounded boolean computation and the hitting sets given by Forbes and Shpilka [FS12] can be 
seen as an algebraic analogue of the boolean pseudorandom generator (PRG) given by Nisan [Nis92]. 
First, we note that by this analogy, and the fact that subsequent work by Nisan [Nis94] showed 
that the PRG of Nisan [Nis92] can be made polynomial-time with additional space, one expects 
that the quasi-polynomial-time blackbox identity test (or hitting set) of Forbes and Shpilka [FS12] 
can be made into a parallel polynomial-time whitebox identity test for ROABPs, which would bring 
the proof of Theorem 1.15 more in line with the other parts of this paper. However, the NC 3 version 
of the Raz-Shpilka [RS05] algorithm is simpler than any modification of the Forbes-Shpilka [FS12] 
result, we do not pursue the details here. 
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By this connection, it follows that one can convert the white-box PIT problem for ROABPs 
into a derandomization question in small-space computation (once the bit-lengths of the numbers 
involved are bounded). Thus, one could avoid the algorithms of Raz-Shpilka [RS05] and Arvind, 
Joglekar and Srinivasan [AJS09], and simply use the algorithm of Nisan [Nis94]. However, this is 
less clean, and furthermore this booleanization cannot give similar results to Theorem 3.8, since one 
cannot a priori bound the bit- length of the matrices A and B. 

We note here that the above result for testing intersection of orbit closures is stated in the 
unit-cost arithmetic model for simplicity. At its core, the result uses linear algebra, which can be 
done efficiently even when the bit-lengths of the numbers are considered. Thus, it seems likely the 
above algorithm is also efficient with respect to bit-lengths, but we do not pursue the details here. 

4 Equivalence of Trace of Matrix Powers, Determinants and ABPs 

In this section we study the class of polynomials computed by small traces of matrix powers, to 
gain insight into the strength of the derandomization hypotheses that Mumuley requires for his 
implications regarding Noether Normalization. In particular, we show that a polynomial can be 
computed as a small trace of matrix power iff it can be computed by a small ABP, as defined in 
Definition 1.11. 

We first show that from the perspective of the hardness of derandomizing PIT, a trace of matrix 
power can be either defined using linear or affine forms, so that we are not losing generality in 
our equivalence results below, when using the affine definition. Specifically, we want to relate the 
complexity of PIT for trace(^4(x) d ), for an affine matrix A(x) = Aq + Y^i=i AiXi, to the complexity 
of PIT of trace(j4'(x, z) ), where A 1 is the homogenized version A'(x, z) := Aqz + Ya=i ^% x i- Clearly, 
one can reduce the homogenized linear case back to the affine case, by taking z = 1, in both 
the black-box and white-box PIT model. We now consider reducing the affine case to the linear 
case. Note that this is trivial in the white-box model of PIT, as given the trace of matrix power 
tiace(A(x) d ) we can easily construct the trace of matrix power trace(^4'(x, z) d ) by replacing constants 
by the appropriate multiple of z. The next lemma shows that these two traces are also polynomially 
equivalent in the black-box model. 

Lemma 4.1. Let A{x\, . . . , x n ) = Aq + Y17=l ^i x i be matrix of affine forms. Define its homogeniza- 
tion A'(x, z) = Aqz + Ya=1 ^i x i- Then for any a and f3, trace( J 4'(a, f3) d ) can be computed using 
poly(d) queries to trace(^4(x) d ). 

Proof. (3^0: Observe that by homogeneity and linearity of the trace, we have that trace (A' (a, (3) d ) = 
/3 rf trace(^4(a//3) rf ), where a//3 is the resulting of dividing a by /3 coordinate- wise. Thus, only 1 
query is needed in this case. 

j3 = 0: Writing yx for the coordinate- wise multiplication of y on x, we can expand the trace of 
matrix power in the variable y, so that tiace(A(yx) d ) = J2j ^ y i(^ T ^ce(A(yx) d )), where £ y j extracts 
the relevant coefficient in y, resulting in a polynomial in x. It follows from polynomial interpolation 
that in d + 1 queries to trace(A(yx) d ) we can compute £ y3 (tra,ce(A(yx) d )) for any j. Observing 
that tr&ce(A'(a,0) d ) = £ y d(trace(A(yx) d )) yields the result. □ 

Thus as trace(j4'(x, z) d ) = iff trace(^4(x) d ) = 0, solving black-box PIT for trace(j4'(x, z) d ) 
solves it for trace(A(x) rf ), and the above lemma gives the needed query-access reduction. Thus, as 
the linear and affine models are equivalent with respect to PIT, we now only discuss traces of matrix 
powers in the affine case, and seek to show this model is computationally equivalent (not just with 
respect to PIT) to the ABP model. We first establish that traces of matrix powers can efficiently 
simulate ABPs. To do this, we first study matrix powers and how they interact with traces. 
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Lemma 4.2. Let xq, . . . ,x d _i be formally non-commuting variables, and let R be any commutative 
ring. Define A(x) £ R[xq, ... , Xd-i}^ x ^ by 



A{x)ij 



i/ J = i + 1 (mod d) 
else 



Then trace(^(x) d ) = Eiefd] XiX i+1 ■ ■ ■ x^_ ± mod d) . 

Proof. The matrix A defines an adjacency matrix on a d-veitex graph, which is the directed cycle with 
weights xq, x\, . . . , Xd-i ordered cyclically. Raising A to the (f-power corresponds to the adjacency 
matrix for the length-(i walks on the length-d cycle. The only such walks are single traversals of 
the cycle, starting and ending at some vertex i, and these walks have weight XiXi + \ ■ ■ ■ xn_i mo( j 
Taking the trace of A d corresponds to summing the weights of these walks, giving the desired 
formula. □ 

Alternate proof of Lemma 4-2. By definition, 

(-^ — ^ ' Aj / ^i 1 Ai 1 ^ 2 ■ ■ ■ Ai d _ 1 ^. 
h,—,id-l 

It follows that the only nonzero contribution is when ij = + 1 for all j, when defining io = id = i 
and working modulo d, and that this yields XjXj+i • • • Xu_i m0( j j\. The claim follows by summing 
over i. □ 

As this result holds even when the variables x% are non-commuting, we can use this lemma 
over the ring of matrices and thus embed matrix multiplication (over varying matrices) to matrix 
powering (of a single matrix) . 

Corollary 4.3. Let R be a commutative ring, and let M u ...,M d e i?H><H £ e matrices. Define 
the larger matrix A £ #M*M by treating A as a block matrix in (ijH><H)H x H ) so that 



Mi if j = i + 1 (mod d) 
else 



Then trace(^ d ) = dtrace(Mi • • • M d ). 



Proof. The properties of block-matrix multiplication imply that we can treat the Mi as lying in the 
non-commutative ring of matrices, and thus we apply Lemma 4.2 to the trace of A d to see that 



trace(A d ) = ^ trace(M 4 M m • • • Af ( <_i mod d) ) 
i=l 

= dtiace(M 1 M 2 - ■ ■ M d ) 

where the second equality uses that trace is cyclic. □ 

This lemma shows that the trace of a matrix power can embed the trace of a matrix product 
(up to the factor d), and Lemma 2.2 shows that traces of matrix products capture ABPs. This leads 
to the equivalence of traces of matrix powers and ABPs. 
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Theorem 4.4. Let ¥ be a field. If a polynomial f is computable by a width w, depth d ABP, then 
for any d! > d such that char(F) \ d 1 , f can be computed by a width wd! , depth d' trace of matrix 
power. In particular, d! £ {d, d + 1} suffices. 

Conversely, if a polynomial f is computable by a width w, depth d trace of matrix power, then f 
can also be computed by a width w 2 , depth d ABP. 

Proof. ABP ==^ trace of matrix power: By Lemma 2.2 there are lw} x lw} matrices Mi, . . . , 
whose entries are affine forms in x, such that f(x) = trace(Mi • • ■ M^). For i 6 [d'], define new 
matrices M- such that for i = 1, M[ := Mi/d', for 1 < i < d, we set M- := Mj, and for 
i > d, define M[ := l w , the jwj x |W] identity matrix. By linearity of the trace, it follows that 
f{x) = d' ■ trace(Mi • • • M^Md+i ■ ■ ■ M^). Noting that the M[ have entries that are all affine forms, 
Corollary 4.3 implies that there is an \wd!\ x \wd'} matrix A(x) whose entries are affine forms in x, 
such that tiace(A(x) d ) = d' ■ trace(Mi • • • M&) = f(x), as desired. Noting that d and d + 1 cannot 
both be divisible by the characteristic of F completes the claim. 

trace of matrix power ABP: Suppose f(x) = trace(^4(x) d ), where A(x) is a lw} x lw} 
matrix of affine forms. Note then that for each i, the (i, i)-th entry of A{x) d is computable by a 
width w, depth d ABP, as established by Lemma 2.2, after applying the suitable permutation of 
indices. As the trace is the summation over i of these functions, we can apply Lemma 2.3 to get the 
result. □ 

Thus the above shows that, up to polynomial factors in size, ABPs and traces of matrix powers 
compute the same polynomials. We note that there is also an equivalent computational model, 
defined by the determinant, which we mention for completeness. 

Definition 4.5. A polynomial f{x\, . . . ,x n ) is a width w projection of a determinant if there 
exists a matrix A(x) £ F[a?i, • • • , x n ] ^ x ""'H whose entries are affine functions in x such that 
f{x) = det(A(x)). The size of a projection of a determinant is nw. 

Valiant [Val79] (see also [MP08]) showed any small ABP can be simulated by a small projection 
of a determinant. Conversely, phrased in the language of this paper, Berkowitz [Ber84] gave a small 
ABP for computing a small projection of a determinant. Thus, the projection of determinant model 
is also equivalent to the ABP model. We summarize these results in the following theorem. 

Theorem 4.6. The computational models of algebraic branching programs, traces of matrix powers, 
and projections of determinants are equivalent, up to polynomial blow up in size. 

In particular, this implies that derandomizing black-box PIT is equally hard for all three of 
these computational models. 

5 Hasse Derivatives 

In this section we define Hasse derivatives, which are a variant of (formal) partial derivatives but 
work better over finite fields. For completeness, we will derive various properties of Hasse derivatives. 
We start with the definition. 

Definition 5.1. Let R be a commutative ring, and R[x] be the ring of n-variate polynomials. For 
a vector u G R n and k > 0, define d^k(f) : R[x] —> R[x], the k-th Hasse derivative of f in 
direction u, by d^k(f) = <t y k(f(x + uy)) £ R[x\, where x + uy is defined as the vector whose i-th 
coordinate in Xi + uiy. 

If u = ei, then we use d k to denote dgk, and will call this the k-th Hasse derivative with 

i i 

respect to the variable X{. For i £ N n , we will define d-x := d ^ • • • d » n . 



n 
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Note that for k = 1, this is usual (formal) partial derivative. We now use this definition to 
establish some basic properties of the Hasse derivative. In particular, the below commutativity 
property shows that the definition of d-q is not dependent on the order of the variables. Note that 
while Hasse derivatives are linear operators on R[x], they are not linear in the direction u of the 
derivative, and so several of these properties will be stated for more than two terms. 

Lemma 5.2. For /, g £ R[x\, u, v G R n , a, /3 G R, and k, £, ki, . . . , k m > 0, then 

1. d €P tf) = f 

2. d U k(af + Pg) = ad#(f) + pd#(g) 

3. f{x + uiyi + ■■■ + u m y m ) = Ek lt ...,k m >o ■ ■ ■ d ^ (f)Vi 1 ■■■vt 1 
4- 9,-j>i • • ■ dtfem (/) = Cm km (f(x + uiyi H h u m y m )) 

u 1 u. m y 1 ■■■y m 

5. d uk d^{f) = d#dtf,(f) 

6 - 9 a , a .yW = ^k 1+ -+ km =k (jij 40 d ^ • • • 8 u k A^ 

7. d U k x ■ ■■d U h m {f) = ( fc ^+ +^ m )5 fi .fc 1 +...+ fem 

Proof. (1): This is trivial. 

(2) : This follows from the linearity of C y k(-), and so 

C yk (af(x + uy) + (3g(x + uy)) = aC yk {f{x + uy)) + /3 C yk (g(x + uy))) 

(3) : This will be proven by induction on m. 

m = 1: This is the definition of the Hasse derivative. 
m > 1: By induction, we have that 

f(x + u 2 y 2 + --- + u m y m ) = • • • d i±™ (/)] ( f )v k 2 ■■■y k ™- 

k 2 ,...,km>0 

Making the substitution x ^— x + uiyi we obtain 

f(x + uiyi+ u 2 y 2 H h -u m ym) = Y] [d-jk 2 ■ ■ ■ d u k m (/)] (x + um)y 2 2 ■ ■ ■ y%? 

fc 2 ,...,fc m >0 

and so by expanding • • • d-.k m {f) into its Hasse derivatives, we obtain 

f{x + u iyi + u 2 y 2 + ■■■ + u m y m ) = V [d kl d k2 ■ ■ ■ d^ m (/)] (x )y\ 1 y£ 2 ■ ■ ■ vt 1 

' • tt^ Lfc2 T7T. 

fcl,fc2,...,fc m >0 

as desired. 

(4) : This is a restatement of (3). 

(5) : This follows immediately from (4), taking m = 2, as C z e y k(f(x + vz + uy)) = C y k z t(f(x + 
uy + vz)). 

(6) : By (3) we have that 

f(x + u m + ■■■ + u m y m ) = ]T [d kl ■ ■ ■ d u k m (/)] (x)y^ ■■■y k r ^ 

fci,...,fc m >0 
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and applying the substitution yj <— oyy we obtain 

f{x + (aiui + • • • + a m u m )y) = V c^ 1 . . . a^[^ • • • d^ m (f)](x)y kl+ - +k " 

fci,...,fc m >0 

and thus taking the coefficient of y fc yields the result. 
(7): By (4), we see that 

difi! • ■ ■ d akm {f) = = Cm km {f{x + %! + ■■■ + uy m )) 

y± '"ifm 

= C fa fcm (/(£ + u(yi + • • • + y m ))) 

= V-wfe" fe ■ (vi + ■ ■ ■ + y m ) fc ) 



9 3 fcl+-+fc m (/) □ 



= I] d uk {f){x) ■ £ fci...^™ ((2/1 + • ■ ■ + i/m) 
fc 1 

_ Ai H + fc, 

y fcl j • ■ • j k m 

We now recover the action of a partial derivative on a monomial. 
Lemma 5.3. For any £ E [n], k > 0, and ig > 0, 

F) , /V 1 . . . rj-i . . . rJn\ _ I l{ - I „*i . . . it-i it-k it+i . . i„ 

Proof. We do the case where £ = 1, as the general case is symmetric. Thus we want to understand 
the coefficient of y k in [x\ + y) n The binomial theorem tells us the coefficient of y k in 

(x\ + y) n is ^l)x l i~ k (even in the case that i% = 0, interpreted correctly). Plugging this into the 
rest of the monomial yields the result. □ 

We can now use the above properties to establish the product rule for Hasse derivatives. 
Lemma 5.4 (Product Rule). For f,g£ R[x\, u G R n and k > 0, 

i+j=k 

Proof. 

{fg){x + uy) = f{x + uy)g(x + uy) 

= (e^-w) (e^w 

= E E dAm>(g)y k 

k i+j=k 

and result follows by taking the coefficient of y k . □ 

We now will establish the chain rule for Hasse derivatives. As Hasse derivatives necessarily 
take multiple derivatives all at once, the chain rule we derive will be more complicated than the 
usual chain rule for (formal) partial derivatives, which was only for a single partial derivative. This 
formula, and its variants, are sometimes called Faa di Bruno's formula. The below formula is written 
with vector exponents, as explained in Subsection 1.5, and the d operators applied to vectors of 
polynomials are defined coordinate-wise. 
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Lemma 5.5 (Chain Rule). For f £ R[x] and g\, . . . , g n G R[y\, 

dnk(f(gi,...,g n )) 
Proof. 



1 + ---+4 
ti,...,£k , 



dy* r .(f) 



9^(f(gi, ■ ■ ■ ,g n )) = £ z h (if ° g)(y + uz)) 

= t zk (f fed* J J 

= € zk (f(g{y) + d a (g)(y)z + ■■■ + d^(g)(y)z l 



We now seek to take derivatives "in the direction of d^j(g)(y)" from the point x := g(y), treating 
each j as a different direction and each z 3 as a different variable. However, this is a subtle operation, 
as up until now we have taken the directions of our derivatives as independent of the point of 
derivation. To make this subtlety clear, we now study the above equation, by "undoing" the 
substitutions x <— g{y), and Zj <— -z J , and working with derivatives in the ring We will then 

later "redo" these substitutions. A simpler form of this logic was used to establish Lemma 5.2.6. 
We start about by applying Lemma 5.2.3 to expand out / in the directions djp(g)(y). 

f{x+d u {g){y)zi + ■■■ + d a k{g){y)z k ^ 

W^ 1 ■ ■ ■ d [d ak (sm]^ (/)] (*) • % • • • < k 

l,...,tfc^U 



= E 



and by Lemma 5.2.6, we can decompose the derivative d^j{g){y) as linear combinations of the d k 

i 

derivatives, so that as operators on 



E [Y[[duM)m^ 



As these operators are acting on R[y\ [x] we can treat all polynomials in y as constants, in particular 
the terms involving the d^j{gi){y) above. This allows us to move all of the operators past the terms 
involving the gi, to obtain, 



E 



n,k 

v i=ij=i 



d e 1A ■■■a <i,„ - d e k>1 - d 4fc (/) 



(x) ■ ■ ■ ■ z k k 
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By invoking Lemma 5.2.7 we can clump derivatives by variable, 



E 



En 
£=l' 



\i=l 



j>0 



8 ■ ■ ■ 8 y-^k {f) 

Lei i- 1 2^7=1 j.™ 



(*) ■ 4 1 ■ ■ ■ 4 



We can "redo" the substitutions x <— g(y), and Zj <— z 3 , to obtain that, 
d ak (f(g h g n )) = C z k (f(g{y) + d a (g)(y)z + ■■■ + d^(g)(y)z k )) 



n,k 



e [ n ^w^i^ xrx 



V n U=l,7 = l 



9 ■ --d (/) 



and rewriting things in vector notation, 



e n^c^tf 



9^- ? .(/) 



6 Hitting Sets for Depth-3 Diagonal Circuits 

In this section we construct hitting sets for the depth-3 diagonal circuit model, as defined by 
Saxena [Sax08]. In this section we will use some additional notation. For a vector e £ N n , we define 
Supp(e) to be its support S C [re], |e|o := I Supp(e)| and |e| x := II?=i( e ^ + !)■ We now define the 
depth-3 diagonal circuit model. 

Definition 6.1 (Saxena [Sax08]). A polynomial f(x±, . . . ,x n ) is computable by a depth-3 diagonal 
circuit if 

/(f) = ]TLf(f), 

where each Ln is a vector of affine functions. The size is n£| =1 \ei\ x . 

The hitting sets will actually be for any polynomial whose space of partial derivatives is low- 
dimensional. We now define this, using the notion of Hasse derivatives from Section 5 so the results 
apply over any characteristic. 



Definition 6.2. Let f G ¥[xi, 
\d(f)\, is defined as 



,.,x n ]. The dimension of Hasse derivatives of f, denoted 
\d(f)\:=dim{d s -(f)\ien n }. 
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The dimension is taken in the F- vector space F[xi, . . . , x n ]. Note that by Lemma 5.2 it follows 
that all iterated Hasse derivatives, even with arbitrary directions, are contained in the above space. 
This dimension is also well-behaved in various respects, such as being sub-additive, which we now 
establish. 

Lemma 6.3. Let f,g € W[xi, . . . ,x n }. Then \d(f + g)\ < \d(f)\ + \d(g)\. 
Proof. As Hasse derivatives are linear (Lemma 5.2) it follows that 

span{%(/ + ff )|?e N"} C span ({%(/)|?£ N n } , {d^(g)\i € N"}) , 

and thus taking dimensions finishes the claim. □ 

We now work to proving that depth-3 diagonal circuits have low- dimensional spaces of partial 
derivatives. We first study the partial derivatives of a single monomial. 

Lemma 6.4. Let x 1 G F[xi, . . . ,x n ]. Then \d(x l )\ < \i\ x . 

Proof. Let j £ N n , then 

n ft)**-*. 

ie[n] VV 

where (V) = if %i < je- Thus, all possible Hasse derivatives are some non-zero scalar multiple of 
x k for any k < i, and there are such k, giving the desired bound. □ 

Note that this upper bound is an equality over characteristic zero, but not over finite characteristic, 
as seen by x p in characteristic p, where |<9(x p )| = 2 but \p\ x = p + 1. However, this slack does not 
qualitatively affect the results. We now extend this dimension bound by using the chain rule. 

Lemma 6.5. Let f £ ¥[y\, and let L £ ¥[x\ be a vector of affine forms. Then \d(f o L)\ < |<9(/)|. 

Proof. Consider some derivative d^(f o L) = d i 1 ■ ■ ■ d »„ (/ o L). By the chain rule (Lemma 5.5) we 

X X-^ x n 

see that d i n (/ o L) is a linear combination of Hasse derivatives of /, evaluated at L(x), as the Hasse 

X n 

derivatives of L(x) are constants. Since Lemma 5.2 shows that derivatives of derivatives are (scalar 
multiples of) derivatives, we see that we can induct downwards on t to obtain that d %, ■ ■ ■ d % n (f o L) 

is a linear combination of Hasse derivatives of /, evaluated at L{x). Taking £ = 1, and noting that 
evaluating the Hasse derivatives of / at L{x) cannot increase dimension, the claim follows. □ 

Combing the above result with sub-additivity of the dimension of derivatives, we can now bound 
the dimension of depth-3 diagonal circuits. Such bounds are not attainable for the depth-4 diagonal 
circuit model (which we did not define), as that model contains the polynomial (X)"=i x f ) n > which 
has an exponentially large space of derivatives. As mentioned in the introduction, there are other 
works ([ASS12] and [FS12]) that handle the depth-4 case, using other techniques. 

Lemma 6.6. Let f(x) = J2e=i Le(x) ee be a depth-3 diagonal circuit, where Li(x) is an affine 
function. Then \d(f)\ < J2e=l \ ^c\x- 

Proof. By sub-additivity of dimension of Hasse derivatives (Lemma 6.3) it suffices to prove the 
claim for s = 1. Thus consider some f(x) = L(x) e . Note that f(x) = g(L(x)), where g(y) = y 6 . 
The claim then follows from Lemma 6.5 and Lemma 6.4. □ 
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We now seek to show that any polynomial with low- dimensional derivatives must have a small- 
support monomial. To do so, we introduce the notion of a monomial ordering (see [CLO07] for 
more on monomial orderings) and establish facts about its interactions with derivatives. 

Definition 6.7. A monomial ordering is a total order -< on the non-zero monomials in ¥[x] 
such that 

• For all i£ N n , 1 -< #. 

• For all k G N™, x 1 -< x J implies x l+k -< 

For concreteness, one can consider the lexicographic ordering on monomials, which is easily 
seen to be a monomial ordering. We now observe that derivatives are monotonic with respect to 
monomial orderings, except when the characteristic prevents it. That is, over characteristic p we 
have -< x p (in any ordering), but d x (x p ) = 0, which is not included in the ordering. 

Lemma 6.8. Let -< be a monomial ordering on ¥[x\. Let x 1 -< x 3 be monomials. Then for any 
k, if d^^x 1 ), d-%(x J ) ^ then cLg(a?) -< d^{x 3 ), where we abuse notation and ignore (non-zero) 
coefficients in the ordering. 

Proof. By Lemma 5.3, the assumptions of d^x 1 ), d^(x 3 ) 7^ imply that k < i,j, and that 

where a, b 7^ are constants. As the monomial ordering is total, and is monotonic over multiplication, 
it follows x i ~ k -< xi~ k , as desired. □ 

Monotonicity then implies that the largest monomial of a polynomial / will continue to be 
largest when taking derivatives, as long as it is not annihilated. Treating polynomial as vectors, this 
then gives us a diagonal system of vectors, from which we can deduce the following rank bound. 

Theorem 6.9. Let f G ¥[x] be a polynomial, and let -< be any monomial ordering in ¥[x]. Let x 1 
be the largest monomial (with respect to -<) with a non-zero coefficient in f. Then \i\o < log|(<9(/)|. 

Proof. Consider the set of vectors A C N n defined by 

A:= {j: We [n],j t G {0,^}} , 

so that all vectors in A have support contained in Supp(i). For a fixed j G A, linearity and 
Lemma 5.3 imply that 

%(^)= II 4, 

feSupp(i)\Supp(J) 

which in particular is non-zero. Write / as / = ax 1 + g, where all monomials in g are less than x 1 
and By Lemma 6.8 it follows that all non-zero monomials in d^(g) are less than cLy(x*), so 

a n^ e supp(?)\Supp(/) x% i ^ s ^ ne leading term of d^j(f). Thus, ranging j over all vectors in A, we get 
2M0 derivatives of /, each with a different leading monomial. Thus, these polynomials are linearly 
independent, so it must be that 2^° < giving the desired bound. □ 



26 



Just as in Lemma 6.4, the characteristic of the underlying field affects the tightness of this result. 
In particular, in characteristic zero, one can improve this result to \i\ x < log 

The above lemma shows that any / with a small-dimensional space of derivatives must have a 
small-support monomial. We now give a construction aimed at hitting any polynomial with such 
small-support monomials. Note that this will beat the union bound, in the sense that a union-bound 
argument for creating hitting sets against polynomials with small-support monomials will not yield 
small hitting sets as there are too many such polynomials. However, there is still a small hitting set, 
as we now construct. 

Construction 6.10. Let n,d,m > 1. Let ¥ be a field of size > d + 1. Let S C F with \S\ = d + 1. 
Define H' C F n by 

%' := {a : a £ S n , \ct\o < m} . 

We now establish the desired properties of this construction. 

Theorem 6.11. Assume the setup of Construction 6.10. Then %' is poly (n, d,m)- explicit and has 
size \H'\ < (nd) m , and for any f £ F[xi, . . . ,x n ] of total degree < d, with \d(f)\ < 2 m , f = iff 

Proof. %' is explicit: This is clear from construction. 
\H'\ < {nd) m : This is clear from construction. 
/ = Q J\ W =Q: This is clear. 

/ ^ ==^ f\i{i y£ 0: By Theorem 6.9 it follows that / has a non-zero coefficient on a monomial 
x 1 where i has support T C [n], with |T| < log |<9(/)| < m. Let y be a vector of variables indexed 
by T, and define fr{y) as f(x) under the substitution that X£ ^— for £ ^ T and X£ ^— yg for 
£ £ T. As x 1 is not annihilated by this substitution, it follows that fx ^ and is of total degree 

< d. By construction "H'|t contains all tuples in S^L As IS*! > d + 1 it follows from polynomial 
interpolation that (/t)|(-h'| t ) ^ 0, and thus / has a non-zero evaluation a £ S n with Supp(a) C T. 
By construction of H', a £ 'H', and thus /|%/ ^ as desired. □ 

By combining Theorem 6.11 with Lemma 6.6 we obtain the following hitting set for diagonal 
circuits. 

Corollary 6.12. Let ¥ be a field with size > d+ 1. Then there is a poly(n, d, \og{s))- explicit hitting 
set of size poly(n, d)°( logs ^ for the class of n-variate, degree < d, depth-3 diagonal circuits of size 

< s. 
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A Orbit Intersection Reduces to PIT 

In this section, we study the (non-closed) orbit intersection problem, as compared with the orbit 
closure intersection problem studied in Section 3. Unlike with orbit closures, the orbits with 
non-empty intersections must be equal, because the group action is invertible. Thus, the orbit 
intersection problem is equivalent to the orbit membership problem. As mentioned before, Chistov, 
Ivanyos, and Karpinski [CIK97] observed a randomized algorithm for the orbit membership problem, 
based on the Schwartz-Zippel lemma [Sch80, Zip 79]. In conversations with Yekhanin [Yekl2], we 
also discovered this result, which we include for completeness, given its closeness to the other 
questions studied in this work. 

Theorem A.l. Let ¥ be a field of size > n. There is a reduction, running in deterministic 
po\y\og(n,r)-time using poly (n,r) -processors in the unit cost arithmetic model, from the orbit 
membership problem of (¥^ n ^ x ^)^ under simultaneous conjugation, to polynomial identity testing 
of ABPs. In particular, the orbit membership problem can be solved in randomized polylog(ra, r)-time 
with poly (n,r) -processors (RNC), in the unit cost arithmetic model. 

Proof Let A,B e (fH*M)H. There exists an invertible P such that B = PAP~ l iff there is an 
invertible P such that BP = PA. This second equation is a homogeneous linear equation in P, 
and thus the set of solutions is a vector space. Gaussian elimination can efficiently (in parallel, see 
Borodin, von zur Gathen and Hopcroft [BvzGH82], and the derandomization by Mulmuley [Mul87]) 
find a basis {Pj}f =1 for this vector space, with I < n 2 . It follows then that such an invertible P 
exists iff {Pi}i contain an invertible matrix in their F-span. As the no n- vanishing of the determinant 
characterizes invertible matrices, it follows that such a P exists iff f(xi, . . . , X() := det(^f=i Pi%i) 
has a non-zero point in F . 

Clearly f(x) having a non-zero point in F^ implies that f(x) is non-zero as a polynomial. 
Conversely, as the total degree of f{x) is < n, and the field F has size > n, polynomial interpolation 
implies that if f(x) is a non-zero polynomial then it has a non-zero points in F^. Thus, we see 
that there is a P such that B = PAP' 1 iff f(x) is a non-zero polynomial, where by the results 
of Berkowitz [Ber84], f(x) is computable by a poly(n, r)-size ABP. Thus, we have reduced orbit- 
membership to PIT of ABPs, and done so in parallel. Using that ABPs can be evaluated efficiently 
in parallel, and that we can solve PIT with random evaluations by the Schwartz-Zippel lemma, we 
get the corresponding randomized parallel algorithm for orbit membership. □ 
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